The client, server, or proxy MAY impose
additional requirements on authentication as part of the transfer. In these
cases, authentication information MUST be exchanged between the client, server,
and proxy as required by HTTP and the relevant authentication protocol.<1>